As explained in further detail here, BIPA establishes certain notice-and-consent requirements that private entities must follow if they are going to collect, store, and use biometric identifiers and information, such as fingerprints. BIPA also creates a private right of action for individuals who are “aggrieved” by a violation of the act. In recent years, there has been a huge upswing in the number of cases filed under BIPA. The main issue these cases encounter early on is whether a company’s mere technical violation of the notice-and-consent requirements is enough to make a plaintiff “aggrieved,” and therefore have standing to sue, or if additional injury is required.

Last year, the Second District decided in Rosenbach that a person is “aggrieved” only if he or she has alleged some actual injury or adverse effect resulting from the violation. A mere technical violation of BIPA’s notice-and-consent requirements, without more, is not enough to give an individual a right to sue. The plaintiff appealed this decision to the Illinois Supreme Court.

However, this fall, the First District appellate court in Illinois parted ways with Rosenbach, creating a definitive district split. The First District decided in Sekura v. Krishna Schaumburg Tan, Inc. that a violation of BIPA is enough to make an individual “aggrieved” and have statutory standing to sue, even if the individual has not alleged additional harm.

The recent Sekura decision played a significant role in the Rosenbach parties’ oral arguments before the Illinois Supreme Court on November 20. During arguments, Rosenbach’s counsel relied on the First District’s opinion that BIPA’s statutory language “does not state that a person aggrieved by a violation of this act—plus some additional harm—may sue.”

Rosenbach’s counsel also echoed the First District’s Sekura decision in arguing BIPA’s legislative intent supports a reading of the term “aggrieved” that requires nothing more than a violation of the Act. He argued the statute was enacted because “people were afraid of participating in biometrics collection because they didn’t know what would happen in the future and wouldn’t have control over their own biometrics. One of the problems with the Second District’s opinion is that it undermines this intent of empowering people to make their own decisions about what happens to their biometrics and whether to participate.”

The legislature could have written the statute differently, he argued, if it had intended “aggrieved” to require some additional harm.

For their part, Six Flags/Great America’s counsel was careful to remind the court of the narrow, certified questions before it: whether a person is “aggrieved” under the Act “when the only injury he alleges is a violation of Section 15(b) of the Act. That is the Act’s collection provision.” Six Flags/Great America’s counsel urged the court to find that “aggrieved by a violation” means a person has been “injured by a violation.”

Justice Thomas in particular was actively engaged during Six Flags/Great America’s argument, and appeared to share the Sekura court’s concern that waiting for actual harm to occur would be “too late”. “If we were to…agree with your position on this case,” Justice Thomas asked, “wouldn’t that remove the incentive and urgency for entities to secure data?”

Six Flags/Great America’s counsel answered no, because BIPA’s provision of liquidated damages and attorney’s fees provides incentives for private entities to comply with the Act. And, she argued, the harm need not be pecuniary; it can be severe emotional harm, which Rosenbach had not alleged. Six Flags/Great America distinguished their argument from the Sekura defendant’s, explaining “the [Sekura] court understood the argument that there needs to be some additional harm, there needs to be two kinds of harm. That’s not what we’re arguing at all. The argument is simply that there needs to be some harm in the first place.”

Six Flags/Great America’s counsel, like Rosenbach’s counsel, went back to the plain language of the statute to support their argument. “[The legislature] could have chosen any number of different formulations if they wanted to create a more expansive right. They could have said ‘Any person shall have a right of action.’ It would have been crystal clear. They could have said ‘Any person may pursue alleged violations of the act.’ That’s not what Section 20, the right of action, says.”

Six Flags/Great America’s counsel also argued the statute does not create a substantive right, contrasting it with another statute, the Right of Publicity Act, where the legislature explicitly created an individual right of publicity.

On rebuttal, Rosenbach’s counsel identified three types of harm flowing from the collection of an individual’s fingerprints without their consent: harm to their personal privacy interest, harm to their property right in their biometrics, and an informational injury that occurs “when the statute requires that somebody be provided information so they can make their own choice before something happens, and they’re deprived of that.”

These harms, he said, make someone “aggrieved” by a violation of BIPA’s collection provision. Additional injuries, such as data compromise, can be remedied through other statutes. “It doesn’t make any sense to say that ‘aggrieved’ means this statute or that statute can’t be enforced, when the defendant does exactly what is prohibited.”

The Illinois Supreme Court took the case under advisement, and will make a final decision at a later date. In the meantime, plaintiffs will likely continue to file BIPA lawsuits based solely on technical violations of the Act. As such, it is important that private entities who collect, store, and use biometric identifiers and information comply with BIPA’s notice-and-consent requirements so as to avoid exposure.

It’s High Time to Update Your Marijuana Policies

April 20, 2018

The legalization of recreational use of marijuana in several states, including California, has left many employment policies vague and confused. This article offers insights to questions every employer should be asking in light of legalization.

California’s Rollout of Legal Marijuana

California voters passed the Adult Use of Marijuana Act (“Prop 64”) on November 8, 2016, legalizing recreational marijuana use. However, the California Bureau of Cannabis Control only began accepting, processing, and issuing licenses to commercial marijuana dispensaries as of January 1, 2018. As of April 2018, the Bureau has granted over 5,000 licenses for a variety of commercial uses, including retail sales and distribution.

Prop 64 legalizes the use and cultivation of marijuana for adults 21 years of age or older, reduces criminal penalties for specific marijuana-related offenses for adults and juveniles, and authorizes resentencing or dismissal and sealing of prior, eligible marijuana-related convictions. It also includes provisions on regulation, licensing, and taxation of legalized use. Given California’s size and wealth, the legalization has broad implications for businesses.

I Know It’s Legal in California, But What is Going on With Federal Law?

Although legal under state law, marijuana use, cultivation and possession remains illegal under federal law. Under the Federal Controlled Substances Act, marijuana remains an illegal Schedule I drug, along with MDMA, LSD, and heroin. 21 U.S.C. §812(c). While the Obama administration chose not to interfere with state legalization efforts, the current U.S. Justice Department—under Attorney General Jeff Sessions—announced a complete reversal of that policy last January, announcing that it will enforce all federal drug laws. Just this month, however, the Trump administration unilaterally announced that it is now abandoning the Justice Department’s new enforcement policy. Justice Department officials, on the other hand, have declined to comment on the White House’s reversal of its policy—further complicating the marijuana legalization quagmire.

Can We Still Have a Drug & Alcohol Free Workplace?

California employers can prohibit employees from using, or being under the influence of, marijuana while conducting company business—full stop. Prop 64 expressly recognizes California employers’ right to “enact and enforce workplace policies pertaining to marijuana.” In particular, employers can “maintain a drug and alcohol free workplace” and have “policies prohibiting the use of marijuana by employees and prospective employees.”

What is the Difference Between On Duty and Off Duty Marijuana Prohibitions?

In addition to implementing a drug and alcohol free workplace, Prop 64 also allows employers to prohibit employees’ use of marijuana off-duty. Specifically, the legalization of marijuana does not restrict or preempt “[t]he rights and obligations of public and private employers to maintain a drug and alcohol free workplace…or affect the ability of employers to have policies prohibiting the use of marijuana by employees and prospective employees, or prevent employers from complying with state or federal law.” Indeed, employers that are federal government contractors or are otherwise receiving federal funding must ensure compliance with all federal laws, including federal laws that prohibit the possession and use of marijuana, even when “medically prescribed.”

Adding to the potential confusion for employers is Labor Code Section 96, which protects employees engaging in lawful conduct—occurring during nonworking hours and away from the employer’s place of business—from adverse employment actions. Prop 64 does not address Labor Code Section 96, and it is therefore uncertain whether Labor Code Section 96 could be used to trump Prop 64’s authorization to regulate off-duty marijuana use for certain employees. Given this uncertainty, many California employers have begun to re-evaluate their position and treat marijuana usage in the same way as alcohol consumption—i.e. prohibit consumption while on-duty, but do not regulate employees’ off-duty conduct.

Do Our Policies Clearly Reflect Our Position on Marijuana?

Clearly written policies that discuss a company’s position on marijuana use are critically important. Vague policies do not mention marijuana—instead they refer to “legal” or “illegal” drugs. However, as discussed above, marijuana is both legal and illegal depending on the jurisdiction. Employers should also be mindful of other issues that may be affected, including potential invasion of privacy, disability discrimination, and wrongful termination claims.

It is important for employers to ensure their workplace drug or alcohol policies are clear, non-discriminatory, and uniformly and consistently applied. For example, employers should expressly identify the company’s position on marijuana and consider instituting a “zero tolerance” policy while an employee is (1) on company premises, (2) conducting or performing company business, (3) operating or responsible for operating company equipment or other property, or (4) responsible for the safety of others in connection with company business. Moreover, if an employer utilizes drug testing, the employer should expressly identify and explain the drug testing policy. Lastly, employers should clearly articulate that a violation of either policy is grounds for immediate termination.

Because of the complications that may arise in balancing the employer’s legitimate interest in a drug free workplace with an employer’s legal obligations regarding discrimination, reasonable accommodations, invasion of privacy, and maintaining confidential medical information, employers should consult with counsel before implementing or revising programs or policies related to drug and alcohol use.

Can We Still Drug Test Employees for Marijuana?

Proposition 64 does not prohibit or limit an employer’s ability to screen for marijuana use as a condition of hiring or promotion. California law continues to allow employers to require pre-employment drug tests and take illegal drug use into consideration in making employment decisions, so long as such policies are applied in a consistent and non-discriminatory manner. Providing adequate disclosures, conditional offers of employment, and obtaining appropriate consent is also imperative before drug testing applicants.

Drug testing current employees, on the other hand, is more complex. While employers are permitted to drug test current employees, this right is subject to limitations under both state and federal law. Drug testing done on an existing employee is permissible if there is “reasonable cause.” For example, an employer may require a drug test if there is a reasonable belief that an employee is under the influence at work in violation of company policy. Red eyes, distant gaze, and the strong aroma of marijuana are all indicators that an employee may be under the influence of marijuana. Ultimately, the law balances the employer’s right to maintain a drug free workplace with the employee’s expectation of privacy. To tip the balance, employers should have express written policies, and obtain prior consent through a written authorization form. Employers should also take care to consider the specific jobs for which drug testing is needed, ensuring that individuals in protected groups are not disparately impacted.

Lastly, it is important to reconsider whether drug testing for marijuana—while permitted by law—is a necessary business practice in the first place. The administration of employee drug testing programs can be costly and logistically burdensome, and employers who are not subject to an explicit drug testing mandate (i.e. federal government contractors, trucking companies, etc.) should evaluate the costs and benefits of testing for marijuana at all.

Takeaways

Confer with your leadership team to discuss how your company feels about marijuana use off-duty and whether certain laws may require regulating employees’ off-duty conduct.

Review and revise your employee handbook to confirm your policies align with company objectives and that your policy does not vaguely refer to legal or illegal drugs.

Confer with legal counsel to determine whether your organization or certain positions may be subject to federally mandated marijuana prohibitions.

Confirm consent forms and disclosures related to drug testing are up to date.

Actual Injury Required to Sue Under Illinois Biometric Information Privacy Act

January 11, 2018

In recent years, the use of biometrics in business has been growing. In the employment context, for example, some employers use biometric time clocks, which allow employees to “clock in” with a fingerprint or iris scan. Unlike a password or social security number, however, an individual’s biometric identifier or information cannot be changed or replaced if compromised. In the event of a data breach, individuals may have no recourse against identity theft, due to the biologically unique nature of biometrics.

Recognizing this risk, in 2008 the Illinois legislature passed the Illinois Biometric Information Privacy Act (“BIPA”), which regulates private entities’ collection, retention, disclosure, and destruction of biometric identifiers and information. A biometric identifier is a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. Biometric information is broader, and refers to any information “based on an individual’s biometric identifier used to identify an individual.”

The Act even creates a private right of action for any person “aggrieved” by a BIPA violation. Over the last year, litigants have taken advantage of this right of action, and filed numerous class actions under BIPA. An issue that arises early on in these cases is whether the plaintiffs have standing. That is, whether they have been “aggrieved,” such that they have a right to sue under the statute. Just before the new year, an Illinois appellate court considered the standing issue in Rosenbach v. Six Flags Entertainment Corporation and addressed what it takes to be an “aggrieved person”.

In Rosenbach, the defendants took fingerscans of the plaintiff’s son when he purchased a season pass for the theme park Six Flags. The defendants collected, recorded, and stored this biometric data as part of their security process for entry into the theme park. However, the plaintiff alleged defendants did not obtain written consent before scanning her son’s finger or disclose their plan for the collection, storage, use, or destruction of season pass-holder fingerprint scans. The plaintiff’s only alleged injury was that she would not have allowed her son to purchase the season pass had she known of the defendants’ conduct.

In an interlocutory appeal, the appellate court was asked to answer certified questions regarding what it means to be an aggrieved person under the statute. The court held that a person is aggrieved, and therefore has a right to sue under BIPA, only if he or she has suffered some actual injury or adverse effect. This is similar to the U.S. Supreme Court’s Spokeo standard for Article III standing, which requires a plaintiff’s injury-in-fact to be both concrete and particularized. A technical violation of BIPA, without more, does not give a plaintiff a right to sue under the statute. Having answered the certified questions before it, the appellate court remanded the case for further litigation.

Although the Rosenbach opinion is not yet released for publication, it may be a useful indicator of how courts will scrutinize BIPA claims. Illinois businesses that use or plan to use biometric identifiers and information should be mindful of BIPA’s requirements so as not to invite litigation. Before collecting biometric identifiers or information, a private entity must:

Inform the subject in writing that a biometric identifier or information is being collected or stored;

Inform the subject in writing of the purpose and length of time for which the biometric identifier or information is being collected, stored, and used; and

Receive a written release from the subject.

Private entities that possess biometric identifiers or information must also develop a publicly available written policy setting forth a retention schedule and guidelines for permanent destruction.

The statute’s strict penalties underscore the importance of complying with BIPA’s requirements. A successful plaintiff may recover up to $1,000 for negligent violations and $5,000 for intentional violations, as well as attorneys’ fees and costs. In order to avoid these harsh damages, which may be compounded in a class action, businesses that use or seek to use biometrics should consult counsel to ensure compliance.

New Jersey Employers May Not “Like” State’s New Social Media “Privacy Settings”

September 12, 2013

On August 29, 2013, New Jersey Governor Chris Christie signed into law a new measure prohibiting employers from requiring employees or job applicants to provide login information or allow employer access to their accounts on social media sites such as Facebook, Twitter, and YouTube. While, under the law, employers may still view any publicly available information, they may not compel employees to disclose account passwords or “friend” company personnel.

The new law also prohibits employers from retaliating or discriminating against employees or applicants for refusing to provide their social media credentials or reporting alleged violations of the law. However, notwithstanding its broad prohibitions, the law does not provide aggrieved employees with a private right of action. Rather, alleged violations of the law will be investigated by the New Jersey Department of Labor and Workforce Development and will be subject to civil penalties of up to $1,000 for the first violation and $2,500 for each additional violation.

In May 2013, Governor Christie vetoed an earlier version of the bill, which he called “well-intentioned but too broad.” That version would have allowed employees to bring suit for alleged violations of the law and would have prohibited employers from requiring employees to disclose whether they have a personal social media account. Those measures were struck from the final bill. The law also contains certain employer protections, such as permission to investigate employee compliance with applicable laws, regulations, and “prohibitions against work-related misconduct” when the employer receives specific information concerning an employee’s social media account.

The new law goes into effect December 1, 2013, and will make New Jersey the twelfth state to grant employees social media privacy rights, along with Arkansas, California, Colorado, Illinois, Maryland, Michigan, Nevada, New Mexico, Oregon, Utah, and Washington.

Federal Jury Finds Executive Recruiter Guilty Stealing Trade Secrets From Former Employer In Order to Start Competing Business

May 1, 2013

On April 24, 2013, a federal jury in the Northern District of California found former Korn/Ferry International corporate executive recruiter, David Nosal, guilty on six counts of conspiracy, stealing trade secrets, and violations of the Computer Fraud and Abuse Act (“CFAA”). An appeal is expected, however.

The jury trial followed a lengthy procedural history that began in late 2004 when Nosal left the employ of Korn/Ferry. Shortly after Nosal left Korn/Ferry, he convinced three of his former colleagues to help him compile a large volume of data, including lists of employment candidates, from Korn/Ferry computers in order to help him start up a competing executive recruiting firm. On June 26, 2008, Nosal was indicted by the federal government on 20 counts related to him improperly accessing Korn/Ferry’s computers and proprietary databases.

Ultimately, the Ninth Circuit considered the issues related to Nosal’s indictment and whether the CFAA covered the situation presented by Nosal’s actions. In part, Nosal argued that the CFAA was “aimed primarily at hackers” and does not cover employees (such as him) who allegedly misappropriate information or who are accused of violating confidentiality agreements. Nosal further argued that the employees who downloaded the Korn/Ferry information actually were provided access to that information, and, therefore, did not “act without authorization” or “exceed authorized access” as required to be found in violation of the CFAA. In deciding the issue, the Ninth Circuit was principally tasked with determining whether Nosal’s accomplices could have exceeded their authorized access by obtaining information that they were entitled to review only under limited circumstances. Notably, the Korn/Ferry employees were subject to a computer use policy that placed “clear and conspicuous restrictions” on the employees’ access to the system in general, as well as certain databases specifically. Nonetheless, relying on its earlier decision in LVRC Holdings LLC v. Brekka, the Ninth Circuit concluded that “an employee ‘exceeds authorized access’ under [the CFAA] when he or she violates the employer’s computer access restrictions – including use restrictions.” U.S. v. Nosal, 642 F.3d 781 (9th Cir. 2011). However, the Ninth Circuit then reconsidered the issue en banc, and chose to construe the CFAA narrowly. Accordingly, the Ninth Circuit held that the phrase “exceeds authorized access” does not extend to violations of use restrictions, where an employee with approved access then misappropriates the data, because to find otherwise, it concluded, would turn the CFAA from a hacker statute to a broad misappropriation statute, which it refused to do.

The federal jury’s recent verdict identifies an issue that many federal circuits have grappled with: How should the CFAA apply to people who are not “hackers” in any traditional sense of the word? Indeed, the Fifth and Eleventh Circuits have interpreted the CFAA much more broadly, finding, for example, that a Social Security Administration employee exceeded authorized access under the CFAA when he obtained personal information about former girlfriends and potential lovers and then used that information to pursue them. Given the Ninth Circuit’s apparent reluctance to interpret the CFAA broadly (contrary to those other Circuits), it will be interesting to see what the future holds for Nosal’s situation in light of his likely appeal.

Password Protected – Proposed Social Media Privacy Legislation

March 26, 2012

The job market appears to be on an upswing, and with this upswing, and the advent of new technology, come new challenges for employers and applicants alike. Potential employees may have online identities that many employers deem useful when investigating a job applicant. However, privacy settings on many social media sites allow an applicant to hide his/her online persona from these potential employers. As a result, a new trend in applicant background investigating has surfaced: asking an applicant for his/her username and password to social media sites during the interview process.

In light of this recent trend, a handful of states have drafted legislation seeking to outlaw what some consider to be an invasion of privacy. Lawmakers in Illinois, Maryland, and California have proposed legislation that would prohibit employers from requiring that current or prospective employees provide or disclose any user names, passwords, or other ways of accessing a personal online account. State lawmakers from Connecticut and New Jersey are considering drafting similar legislation, as is the United States Senate.

We will continue to monitor these developments and provide updates as these draft amendments work their way through the legislative process, and as new proposed amendments are introduced.

Following a trend by the Federal government to liberalize anti-discrimination laws in favor of employees, the Department of Labor Office of Federal Contract Compliance Programs (“OFCCP”) has proposed regulations that would require employers who wish to keep their contracts (and subcontracts) with the Federal government to attempt to maintain a workforce where 7% of employees are individuals with disabilities. The public comment period for this proposal has just closed, and the OFCCP is now in the process of reviewing respondents’ reactions.

The proposal is a departure from current law in that, for the first time, it imposes a hiring goal on contractors. Currently, Section 503 of the Rehabilitation Act of 1973 contains an affirmative action plan but not a quantitative objective. This has been the case since the 1970s. Given the lack of improvement in the unemployment rate of individuals with disabilities, as well as the substantial technological advances that enable more reasonable accommodation of such individuals, the OFCCP concluded that such a goal would be appropriate.

The 7% goal would apply only to contractors that have 50 or more employees and a contract of $50,000 or more. It would not be satisfied by a single, whole-workforce comparison. This is because a contractor could satisfy such a goal and still conceal discrimination by segregating all employees with disabilities into one or two low-paying jobs. Instead, the goal would be applied to and measured by each job group. The OFCCP is also considering applying a 2% sub-goal for individuals with certain severe disabilities, such as total blindness or missing extremities. Failure to attain a goal would be neither a finding nor an admission of discrimination, nor would any goal be a ceiling limiting job opportunities for individuals with disabilities or an absolute quota. Nevertheless, failure to reach the goal could result in cancellation of a government contract or inability to win future contracts with the government.

One tricky aspect of the goal is that employers are prohibited under the Americans with Disabilities Act (“ADA”) from making disability-related inquiries prior to employment, with limited exceptions, and are limited in the disability-related inquiries they may make after an offer of employment has been made. The proposal reconciles this by adding a requirement that the contractor invite applicants to self-identify as individuals with disabilities on a voluntary basis, consistent with the ADA. It would retain the requirement that contractors invite self-identification after an offer of employment has been made and before the individual assumes her job responsibilities, and it would also prescribe for the first time the language a contractor should use in its invitation. It further would add a requirement that contractors survey their workforce annually on an anonymous basis regarding disability status.

The annual survey would likely be the best measure of compliance with the goal, as people who are already employed and are assured of anonymity are more likely to identify themselves as having a disability than those seeking a job. However, the voluntary nature of all of these inquiries creates the possibility that contractors would have insufficient data to demonstrate they are complying with the target. On the other hand, mandating responses by employees and applicants (which is not in the proposal) would likely violate the ADA and other privacy laws.

The proposed rule includes a number of other changes that would increase contractors’ logistical responsibilities. It would require that contractors develop and implement written procedures for processing requests for reasonable accommodation. It would also require contractors to maintain records on the number of individuals with disabilities applying for positions and the number of individuals with disabilities hired. The proposed rule would also impose additional requirements to facilitate the hiring of individuals with disabilities, including (1) a requirement that contractors engage in at least three types of outreach to recruit individuals with disabilities, (2) a requirement that contractors list job openings in appropriate employment delivery systems, and (3) a requirement that contractors must review personnel processes and job qualifications annually.

The proposal also makes changes to conform to the ADA Amendments Act of 2008 (“ADAAA”). For example, the definition of “disability” conforms with the ADAAA definitions. The proposed rule also clarifies that contractors are not required to provide reasonable accommodations to individuals who are only regarded as having a disability, consistent with the ADAAA.

The sweeping changes in Section 503, if implemented, would require the creation of significant new procedures for Federal contractors who do not want to risk loss of their government contracts. Although it is uncertain which of the proposed changes will come to fruition, the proposal reflects a broader trend by the government to fortify the protections and support provided to employees and applicants with disabilities. Employers should therefore examine their accommodation and affirmative action procedures to ensure they are robust and flexible so that possible transitions will create a minimum of disruption.

Employees’ Expectations of Privacy Limited When Using Company-Issued Electronic Devices
https://www.laboremploymentlawblog.com/2010/06/articles/privacy/employees-expectations-of-privacy-limited-when-using-company-issued-electronic-devices/
Wed, 23 Jun 2010 21:05:14 +0000

On June 17, 2010, the United States Supreme Court issued its opinion in the case of Quon v. Arch Wireless Operating and The Ontario Police Department. The Supreme Court had to decide whether the City of Ontario had violated the privacy rights of Quon and the officers he texted when, as part of an overage audit, Ontario Police Department Management read transcripts of messages Quon sent on his City-issued pager.

The Supreme Court held that Management’s investigation of the SWAT team members’ text usage was reasonable. The investigation was motivated by the legitimate work-related purpose of ensuring the City’s contractual text character limit was sufficient to meet the City’s needs. In addition, the Court held that the investigation was "not excessive in scope" because reviewing the transcripts of Quon’s messages was "an efficient and expedient way to determine whether Quon’s overages were work-related or due to his personal use."

Even though the Supreme Court ruled against Quon, the Court made clear that its holding should not be "used to establish far-reaching premises that define the existence, and extent, of privacy expectations of employees using employer-provided communication devices." In other words, employees’ privacy expectations depend on the nature of their employment and the social reality in which they work. The Court declined to adopt a more sweeping approach.

The best strategy for employers is to continue to ensure that employee handbooks and electronic communication policies clearly establish that employees have no expectation of privacy in electronic devices provided to them by their employer. Employers should also ensure that these policies are administered strictly and consistently by management.

United States Supreme Court Grants Review of Employee Privacy/Text-Messaging Case
https://www.laboremploymentlawblog.com/2009/12/articles/privacy/united-states-supreme-court-grants-review-of-employee-privacytext-messaging-case/
Thu, 17 Dec 2009 00:01:49 +0000

On December 14, 2009, the United States Supreme Court granted review in the case of Quon v. Arch Wireless Operating and The Ontario Police Department, 529 F.3d 892 (9th Cir. 2008). In this case, the Ninth Circuit Court of Appeals held that the City of Ontario violated the Fourth Amendment and California constitutional privacy rights of the SWAT team member and the officers he texted when, as part of an overage audit, Management read transcripts of the messages the officer sent on his City-issued pager.

As a reminder, in Quon, the Ninth Circuit ruled against the City despite the City’s written “Computer Usage, Internet, and E-mail Policy,” which stated that use of those devices was limited to city business only and that employees were to have no expectation of privacy when using those devices. Here, the problem was that a lieutenant told employees that text messages would not be audited as long as employees paid any overage charges incurred, and the employees argued that they had relied on this statement. The Ninth Circuit held that the lieutenant’s oral agreement not to audit the messages trumped the written policy, thereby creating a reasonable expectation of privacy by the employees and any other individuals who sent messages to the employees. The Ninth Circuit further held that the City’s review of the text messages was not reasonable in its scope as there were less intrusive means to audit overages.

The questions presented to the United States Supreme Court for review are:

(1) Whether a SWAT team member has a reasonable expectation of privacy in text messages transmitted on his SWAT pager, where the police department has an official no-privacy policy but a non-policymaking lieutenant announced an informal policy of allowing some personal use of the pagers.

(2) Whether the Ninth Circuit violated the Supreme Court’s prior Fourth Amendment cases and created a conflict among the appellate courts by analyzing whether the police department could have used “less intrusive methods” of reviewing text messages transmitted by a SWAT team member on his SWAT pager.

(3) Whether individuals who send text messages to a SWAT team member’s SWAT pager have a reasonable expectation that their messages will be free from review by the recipient’s government employer.

Regardless of its outcome, this case serves as a reminder to employers to ensure that not only are employee handbooks updated, but that they are also being strictly followed by managers.

Hernandez v. Hillsides: The California Supreme Court Identifies Guidelines for Workplace Surveillance
https://www.laboremploymentlawblog.com/2009/08/articles/privacy/hernandez-v-hillsides-the-california-supreme-court-identifies-guidelines-for-workplace-surveillance/
Fri, 07 Aug 2009 02:48:37 +0000

In Hernandez v. Hillsides, the California Supreme Court provided guidance to employers about the reasonable scope, purpose, and methods of conducting employee surveillance in the workplace. In essence, the Court confirmed a sliding scale for employee expectations of privacy in the workplace based on the office environment. But it allowed employers considerable flexibility to monitor employees for legitimate business reasons so long as the surveillance is properly limited in scope and intrusiveness. Finally, the Court suggested that employers should give notice to employees that monitoring might be used.

Defendant Hillsides is a private, non-profit residential facility for neglected and abused children. The Plaintiffs in this case worked in a clerical capacity at Hillsides. They shared an enclosed office where they worked on computers during the day. It came to the Defendant’s attention that someone was logging on to one of the computers late at night to look at pornographic websites. Hillsides did not suspect the Plaintiffs, who were usually gone for the day by the time of the suspect activity. Without their knowledge, Hillsides installed a hidden, remotely operated camera in Plaintiffs’ office. The facility never used the camera during the day or to tape the Plaintiffs. Nonetheless, after discovering the camera, the Plaintiffs sued for invasion of privacy and intentional and negligent infliction of emotional distress.

The trial court granted summary judgment to the defendants on the basis that there could be no "intrusion" where the plaintiffs were never actually videotaped. The Court of Appeals overturned, holding that the plaintiffs met the elements of an invasion of privacy claim: (1) they suffered an intrusion into a zone of privacy and (2) it was so unjustified and offensive as to constitute a privacy violation. The California Supreme Court disagreed and reinstated summary judgment for the defendants. It held that while the Plaintiffs had suffered an intrusion into a zone of privacy, no reasonable jury could find that the intrusion was unjustified or offensive.

The Court began by stating the basic principle of workplace privacy; it noted that "while privacy expectations may be significantly diminished in the workplace, they are not lacking altogether." However, before examining whether the plaintiffs had a reasonable expectation of privacy, the Court suggested that a private employer may have a higher responsibility to avoid invasions of privacy than an individual. The Court compared the Hillsides employer to a prior case involving a reporter and noted that Hillsides had a greater responsibility to respect the privacy of its employees.

The Court went on to examine the question of whether the Plaintiffs had an expectation of privacy. It reviewed the broad spectrum of potential "private" spaces in the workplace. Essentially, the Court held that privacy is heightened in enclosed offices where an employee does not expect to be overheard or observed. The Court set up a spectrum of privacy, with a large cubicle environment on one end providing very low expectations of privacy, and private environments like bathrooms on the other, providing a high expectation of privacy. Plaintiffs’ office was somewhere in the middle because the door could be shut and locked, the blinds could be drawn, and the Plaintiffs could have some expectation of conducting personal activities (such as changing into athletic clothes or adjusting clothing) without being observed. The Court noted that the means of intrusion, surreptitious videotape, was subject to a high standard because it is so invasive.

Perhaps most importantly for employers, the Court made a specific point of the fact that the Plaintiffs had no notice that they might be subject to surveillance. Hillsides had a computer policy that noted that internet activity might be monitored, but it said nothing about video surveillance. The Court’s reasoning suggests that any employer who wants the ability to monitor and record the activities of its employees through surveillance should explicitly state that possibility in its handbook and policies.

Finally, the Court noted that although the Defendant’s intent was proper, that was a question of the offensiveness of the conduct, and had no bearing on whether an intrusion occurred. It held that because there was a heightened expectation of privacy, and because the method of intrusion was so invasive, Defendant had intruded on a zone of privacy.

The Court then moved on to whether Defendant’s conduct in this case met the standards for a claim of invasion of privacy, ultimately answering the question "no." To make out a claim, a plaintiff must show that the intrusion is "highly offensive to a reasonable person" or an "egregious breach of social norms." Courts should consider the place, time, and scope of the intrusion. Given those standards, the Court noted that the surveillance was limited in scope: a camera pointed at the specific computer in question. It was limited in time: surveillance was conducted only after hours when the Plaintiffs were gone. It was conducted for a legitimate purpose: protecting the children. Safeguards were in place to protect the information: there was limited access to the equipment. Finally, the intrusion itself was limited: while the camera was present, it never actually recorded the Plaintiffs.

Hillsides also offered an affirmative defense of justification (i.e., that they had legitimate reasons for the surveillance). Plaintiffs argued that Hillsides had not met its burden because it did not prove that there were no less intrusive means of accomplishing its goals. The court held that no such requirement exists.

The lessons for employers here are simple, and important. First, employers should build the possibility of surveillance into their privacy policies if there is any chance it will be required. Second, employers conducting surveillance should make sure they have a legitimate purpose for the surveillance, and that it is as limited in scope as possible to accomplish the objective. Finally, employers should recognize that any employee environment that can be closed off comes with a higher expectation of privacy.